...

In this example, the call to the security-critical function is not executed. A reviewer examining this page could incorrectly assume that the code is executed.
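A check for the failure mode described above, as an added example that is not part of the CERT page; the function name `first_nested_comment_open` and both sample sources are constructed here. It reports the line of a comment opener found inside an already open block comment, which is the symptom of an omitted terminator or of code commented out with block comments.

```c
#include <stddef.h>
#include <stdio.h>

/* Returns the 1-based line of the first comment opener found inside an open
 * block comment, or 0. Line comments and string/char literals are skipped. */
int first_nested_comment_open(const char *src)
{
    enum { CODE, BLOCK, LINE, STR, CHR } st = CODE;
    int line = 1;
    for (size_t i = 0; src[i] != '\0'; i++) {
        char c = src[i], n = src[i + 1];
        if (c == '\n') {
            line++;
            if (st == LINE) st = CODE;
        } else if (st == CODE) {
            if (c == '/' && n == '*') { st = BLOCK; i++; }
            else if (c == '/' && n == '/') { st = LINE; i++; }
            else if (c == '"') st = STR;
            else if (c == '\'') st = CHR;
        } else if (st == BLOCK) {
            if (c == '/' && n == '*') return line;
            if (c == '*' && n == '/') { st = CODE; i++; }
        } else if (st == STR || st == CHR) {
            if (c == '\\' && n != '\0') { if (n == '\n') line++; i++; }
            else if (c == (st == STR ? '"' : '\'')) st = CODE;
        }
    }
    return 0;
}

/* Constructed sample: unterminated comment swallows the call on line 2. */
static const char unsafe_src[] =
    "/* comment with end marker omitted\n"
    "security_critical_function();\n"
    "/* some other comment */\n";

/* Constructed sample: the same call disabled with conditional compilation. */
static const char safe_src[] =
    "#if 0  /* no longer necessary */\n"
    "security_critical_function();\n"
    "/* some other comment */\n"
    "#endif\n";

int main(void)
{
    printf("unsafe: line %d\n", first_nested_comment_open(unsafe_src));
    printf("safe:   line %d\n", first_nested_comment_open(safe_src));
    return 0;
}
```

A nonzero result is a line to review by hand. Backslash line splices inside line comments are not modelled.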

...

Instead of using /* and */ to comment out blocks of code, comment out blocks of code using conditional compilation (for example, #if, #ifdef, or #ifndef).

#if 0  /* use of critical security function no
        * longer necessary */
security_critical_function();
/* some other comment */
#endif

...

The NOTREACHED comment tells some compilers and static analysis tools not to complain about this unreachable code. It also serves as documentation.

if (0) {  /* use of critical security function no
           * longer necessary, for now */
  /*NOTREACHED*/
  security_critical_function();
  /* some other comment */
}

This is an instance of exception MSC07-EX2 to recommendation MSC07-C. Detect and remove dead code.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: MSC04-CPP. Use comments consistently and in a readable fashion

Bibliography

[ISO/IEC 9899:1999] Section 6.4.9, "Comments," and Section 6.10.1, "Conditional inclusion"

[MISRA 04] Rule 2.2, "Source code shall only use /* ... */ style comments," Rule 2.3, "The character sequence /* shall not be used within a comment," and Rule 2.4, "Sections of code should not be 'commented out'"

[Summit 2005] Question 11.19 (http://c-faq.com/ansi/ifdefsyntax.html)

...